<?php 
// Connection settings for the MySQL server and the database named in $db.
// NOTE(review): the account name and password are stored in this source file in
// plain text, so anyone with read access to the file or its history has them.
// Move them to configuration outside the web root / version control and rotate
// the password.
$dbhost = 'chicbul.uady.mx';
$dbuser = 'sg_user';
$dbpass = 'sguady';
$db = '_ccu_agenda';

// Open the connection; stop the script with a fixed message on failure.
// NOTE(review): the mysql_* extension was removed in PHP 7.0 and has no
// prepared statements. A move to mysqli or PDO has to be made together with
// every query in the project that uses this connection.
if (!mysql_connect($dbhost, $dbuser, $dbpass)) {
	die("could not connect");
}

// Select the working database on the connection opened above.
if (!mysql_select_db($db)) {
	die("could not open database");
}
?>


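/**
 * Denylist filter for a request variable.
 *
 * Returns $urlvar unchanged when it passes the checks below, otherwise returns
 * the caller-supplied fallback $dval. A value is rejected when it is an array,
 * when it contains any of the characters - ' * < > ; + @, or when it contains
 * the substring "and" or "or" in any letter case.
 *
 * Limits a reviewer should know about:
 *  - Nothing is escaped, and characters outside the list pass through, so a
 *    value that passes is NOT safe to concatenate into an SQL string. Bind
 *    values as query parameters; treat this filter as defence in depth only.
 *  - The keyword check is a plain substring match, so ordinary words that
 *    contain "or" / "and" are replaced by the fallback as well.
 *
 * @param mixed $urlvar Value taken from the request.
 * @param mixed $dval   Fallback returned in place of a rejected value.
 * @return mixed        $urlvar when accepted, otherwise $dval.
 */
function sanitize($urlvar,$dval)
{
	// A parameter sent as "name[]" arrives as an array; hand back the fallback
	// before it can reach preg_match().
	if (is_array($urlvar))
	{
		return $dval;
	}

	// One case-insensitive pass, so "AND" / "Or" are rejected like "and" / "or".
	// Comparing against 0 makes the check fail closed: if preg_match() reports
	// an error (false), the value is treated as rejected rather than accepted.
	if (preg_match("/[\-'*<>;+@]|and|or/i", $urlvar) !== 0)
	{
		return $dval;
	}

	return $urlvar;
}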